Family Educational Rights and Privacy Act (FERPA)


The Family Educational Rights and Privacy Act (FERPA) was passed in 1974. Under FERPA, a school may not generally disclose personally identifiable information from an eligible student’s education records to a third party without written consent. However, there are a number of exceptions to this rule, which the Department of Education has laid out in a simple chart.


What you need to know:

  • FERPA gives parents certain rights with respect to their children’s education records. Generally, schools must have written permission from the parent or eligible student in order to release any information from a student’s educational record. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level.
  • Schools must provide parents (or certain eligible students) with an opportunity to inspect and review their student’s education records within 45 days. If a service provider is maintaining or storing student records, they should be aware of the time limits for processing such requests.
  • Parents (or certain eligible students) have the right to request that schools amend their student’s education records that include inaccurate or misleading information.



California passed the first state law in the nation that comprehensively addresses student privacy called The Student Online Personal Information Protection Act (SOPIPA). SOPIPA went into effect on January 1, 2016 and applies to websites, applications and online services who have actual knowledge that the service is being used for K-12 school purposes and was designed and marketed for K-12 purposes.


What you need to know:

  • Prohibits use of targeted advertising
  • Prohibits operators of online educational services from selling student data and using such information to target advertising to students or to “amass a profile” on students for a non-educational purpose.
  • Requires online service providers to maintain adequate security procedures and to delete student information at the request of a school or district


*Twenty other states have enacted student data privacy laws, but California is unique in making industry directly responsible for ensuring the privacy of student data.

The Student Privacy Pledge


The Future of Privacy Forum (FPF) and the Software & Information Industry Association (SIIA) introduced a K-12 school service providers Pledge to safeguard student privacy built around a dozen commitments regarding the collection, maintenance, and use of student personal information.

The Student Privacy Pledge holds school service providers accountable to:

  • Not sell student information
  • Not use behaviorally targeted advertising
  • Use data for authorized education purposes only
  • Not change privacy policies without notice and choice
  • Enforce strict limits on data retention
  • Support parental access to, and correction of errors in, their children’s information
  • Provide comprehensive security standards
  • Be transparent about collection and use of data.

An initial leadership group of major school service providers signed the Pledge; hundreds more have since joined them, and more come in every day. The group is made up of some of the leading names in education technology, including Amplify,, DreamBox Learning, Edmodo, Follett, Gaggle, Houghton Mifflin Harcourt, Knewton, Knovation, Lifetouch, Microsoft, MIND Research Institute, myON, and Think Through Math.

Pledge Endorsed by President Obama